Databricks just entered the security market — and it brought a thesis: the architecture of legacy SIEMs is fundamentally incompatible with the speed and scale of AI-driven attacks.
Lakewatch, launched March 24 in private preview, is an open, agentic SIEM that runs directly on the Databricks lakehouse. Instead of bolting AI onto a legacy detection engine, it treats security telemetry as a data problem — one the lakehouse already solved for analytics.
Early customers include Adobe and Dropbox, and the product shipped alongside two acquisitions and a deepened partnership with Anthropic.
The Thesis: Legacy SIEMs Can’t Survive Machine-Scale Attacks
Databricks’ argument is built on a single number: mean time to exploit collapsed from 23.2 days in 2025 to 1.6 days in 2026 (per ZeroDayClock.com).
LLMs have discovered 500+ zero-days in open-source code. AI agents are topping bug bounty leaderboards. State-sponsored groups are using AI to automate intrusion campaigns. The attackers are operating at machine speed, 24/7.
The defenders? Still manually enriching alerts, hand-authoring detection rules, and testing threat hunting hypotheses over days or weeks. And they’re working with only a fraction of their data — because traditional SIEMs charge by ingestion volume, creating a financial penalty on every byte stored.
Large enterprises generate terabytes of security data daily. Most of it gets filtered, routed, or deleted before it reaches the SIEM. Chat logs, video, collaboration platform data — ignored entirely. That’s exactly where social engineering attacks, insider threats, and prompt injection attempts hide.
What Lakewatch Does Differently
Decoupled Storage and Compute
Store petabytes of full-fidelity security telemetry in your own cloud storage (Delta Lake or Apache Iceberg). No vendor lock-in, no ingestion tax. Databricks claims up to 80% lower TCO compared to legacy SIEMs.
Everything in One Place
Built on Unity Catalog, Lakewatch runs security queries directly alongside existing business data — HR systems, collaboration platforms, application logs, transaction data. When an alert fires, analysts correlate across any data source without switching tools.
Agents Fighting Agents
This is where it gets interesting. Lakewatch deploys defensive AI agents powered by Anthropic’s Claude models for:
- Automated ingestion and parsing of new log sources to OCSF (Open Cybersecurity Schema Framework)
- Net-new detection authoring based on latest threat intelligence
- Rule modification to reduce false positives
- Natural language threat hunting — query petabytes of data in plain English via Genie Spaces
- Multi-step agentic investigation workflows
The explicit framing: you need AI agents to defend against AI agents. Human analysts can’t keep pace with machine-speed attacks alone.
Detection-as-Code
Define detection rules in YAML with SQL or Python, backtest against historical data, deploy through CI/CD pipelines. This is security engineering, not security clicking.
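As an added illustration of the detection-as-code workflow described above (example code written for this post, not Lakewatch's own rule format or tooling): a constructed YAML rule carrying a SQL query is parsed, backtested against constructed historical auth events with SQLite standing in for the lakehouse, and then tuned to remove a false positive. The rule schema, table name and sample data are all assumptions.

```python
import sqlite3
# Constructed rule in the YAML-with-SQL shape the post describes; this is an
# illustrative format, not Lakewatch's actual rule schema.
RULE_YAML = """\
name: repeated_auth_failures
severity: high
query: |
  SELECT actor, COUNT(*) AS failures
  FROM auth_events
  WHERE status = 'failure'
  GROUP BY actor
  HAVING COUNT(*) >= 3
"""
# Tuned variant: exclude service accounts (the "rule modification to reduce false positives" step).
TUNED_RULE_YAML = RULE_YAML.replace(
    "WHERE status = 'failure'", "WHERE status = 'failure' AND actor NOT LIKE 'svc-%'")
def parse_rule(text):
    """Minimal parser for flat 'key: value' YAML with one '|' block scalar (no PyYAML needed)."""
    rule, block_key = {}, None
    for line in text.splitlines():
        if block_key and line.startswith("  "):
            rule[block_key] += line[2:] + "\n"   # continuation of the SQL block
            continue
        block_key = None
        key, _, value = line.partition(":")
        value = value.strip()
        if value == "|":
            block_key, rule[key] = key, ""      # block scalar starts on next line
        else:
            rule[key] = value
    return rule

# Constructed historical auth telemetry: (actor, status, is_attack label for scoring).
HISTORY = [
    ("alice", "failure", 0), ("alice", "failure", 0), ("alice", "success", 0),
    ("bob", "failure", 1), ("bob", "failure", 1), ("bob", "failure", 1), ("bob", "success", 1),
    ("svc-backup", "failure", 0), ("svc-backup", "failure", 0), ("svc-backup", "failure", 0),
]

def backtest(rule, history):
    """Run the rule's SQL over labelled historical rows and score precision/recall."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_events (actor TEXT, status TEXT, is_attack INTEGER)")
    db.executemany("INSERT INTO auth_events VALUES (?, ?, ?)", history)
    hits = {row[0] for row in db.execute(rule["query"])}      # actors the rule flags
    attackers = {actor for actor, _, label in history if label}
    tp = len(hits & attackers)
    precision = tp / len(hits) if hits else 0.0
    recall = tp / len(attackers) if attackers else 0.0
    return {"hits": sorted(hits), "precision": precision, "recall": recall}
```

Running `backtest` on both rules shows the original flagging the backup service account as well as the real attacker, and the tuned rule keeping full recall while removing that false positive; the same scoring step is what a CI pipeline would gate a rule change on.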
Two Acquisitions to Back It Up
Databricks didn’t just build Lakewatch internally. It acquired two companies to fill critical gaps:
Antimatter
Founded by UC Berkeley researchers, Antimatter specializes in provably secure authentication and authorization for AI agents. The deal closed last year (previously undisclosed). Antimatter had raised $12M in 2022.
The relevance: if you’re deploying defensive AI agents inside a SIEM, those agents need their own identity and access governance. Antimatter provides the cryptographic foundation for agent-to-agent trust.
SiftD.ai
SiftD.ai was founded by the creator of Splunk’s Search Processing Language (SPL) together with key Splunk architects, and focuses on large-scale detection engineering and threat analytics. The deal closed March 23, 2026.
The relevance: Splunk’s SPL defined how a generation of SOC analysts think about detection. Bringing that expertise into Lakewatch gives Databricks detection engineering credibility that would take years to build organically.
The Anthropic Partnership
Lakewatch runs on Claude models for its agentic capabilities — and the partnership is bidirectional. Anthropic itself uses Databricks for its security lakehouse. This creates an interesting dynamic: Anthropic’s AI powers Databricks’ security product, while Anthropic’s own security operations run on Databricks’ platform.
What This Means for OpenClaw Users
Lakewatch is enterprise-grade and priced accordingly — this isn’t something individual OpenClaw operators will deploy. But the underlying trends matter:
The SIEM market is being rebuilt around agents. Lakewatch, Google’s Agentic SOC, CrowdStrike’s Charlotte AI, SentinelOne’s Purple AI — every major security platform is shipping AI agents for detection and response. The legacy model of human analysts manually investigating alerts is ending.
Mean time to exploit is collapsing. 1.6 days in 2026 means the window between vulnerability disclosure and active exploitation is shorter than most organizations’ patch cycles. For OpenClaw operators: patch fast, restrict network exposure, monitor your MCP servers.
Open formats are winning. Lakewatch’s bet on OCSF, Delta Lake, and Iceberg reflects a broader shift away from proprietary data formats. For the OpenClaw ecosystem, this aligns with the MCP-driven push for open, interoperable agent infrastructure.
The “fight agents with agents” framing is now universal. Every major security vendor at RSAC 2026 used some variant of this message. The question isn’t whether to deploy defensive agents — it’s how to govern them.
Sources: Databricks Blog, TechCrunch, Databricks Press Release